3838 matches found
Drupal Comment Module comment_form_add_preview() Function Arbitrary Code Execution
The version of Drupal running on the remote host fails to properly validate previews on comments, and allows access to more than one input filter, which is not enabled by default. An attacker can exploit this issue by previewing a comment to have it interpreted as PHP code, resulting in arbitrary...
Drupal Comment Function Arbitrary Code Execution
The version of Drupal running on the remote host fails to properly validate previews on comments, and allows access to more than one input filter, which is not enabled by default. An attacker can exploit this issue by previewing a comment to have it interpreted as PHP code, resulting in arbitrary...
Input validation
The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by "normal form...
CVE-2007-0626
The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by "normal form...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in Movable Type (MT) before 3.34 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the MTCommentPreviewIsStatic tag, which can open the "comment entry screen," a different vulnerability than CVE-2007-0231...
CVE-2007-0541
WordPress allows remote attackers to determine the existence of arbitrary files, and possibly read portions of certain files, via pingback service calls with a source URI that corresponds to a local pathname, which triggers different fault codes for existing and non-existing files, and in certain...
CVE-2007-0537
CVE-2007-0537 affects KDE kdelibs (used by Konqueror 3.5.5); the vulnerability arises from improper parsing of HTML comments, enabling remote XSS and bypassing some protections by embedding certain tags within a comment in a title tag. Documented in multiple advisories (Mandrake/MDKSA, RHSA, Open...
DRUPAL-SA-2007-005 - Drupal core - Arbitrary code execution
Previews on comments were not passed through normal form validation routines, enabling users with the 'post comments' permission and access to more than one input filter to execute arbitrary code. By default, anonymous and authenticated users have access to only one input format. Immediate...
Apple Safari / Konqueror SCRIPT tag filtering bypass
Browser follows script tags within HTML comment. It violates HTML standard...
CVE-2007-0369
SQL injection vulnerability in phpBP RC3 2.204 and earlier allows remote attackers to execute arbitrary SQL commands via the comment forum...
SQL injection
SQL injection vulnerability in phpBP RC3 2.204 and earlier allows remote attackers to execute arbitrary SQL commands via the comment forum...
DEBIAN-CVE-2006-6942
Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b) db_create.php, (3) the newname parameter to db_operations.php...
CVE-2006-6844
Cross-site scripting (XSS) vulnerability in the optional user comment module in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the user comment form...
XSS - CMS Made Simple v1.0.2
Product: CMS Made Simple v1.0.2 Class: XSS Website: http://www.cmsmadesimple.org Found by: L0j1k of D.I.E. Inc. Googledork: "powered by cms made simple" -=-=-=-=- - Summary: Optional user comment module not properly sanitized for script tags. -=-=-=-=- - PoC: Input the following into user comment...
DEBIAN-CVE-2006-6504
Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption...
CVE-2006-6504
Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption...